No, la password effettiva non viene registrata perché l'handshake a quattro vie garantisce che la password non venga mai inviata su open air, come questa voce di Wikipedia spiega:
The four-way handshake is designed so that the access point (or authenticator) and wireless client (or supplicant) can independently prove to each other that they know the PSK/PMK, without ever disclosing the key. Instead of disclosing the key, the access point & client each encrypt messages to each other—that can only be decrypted by using the PMK that they already share—and if decryption of the messages was successful, this proves knowledge of the PMK. The four-way handshake is critical for protection of the PMK from malicious access points—for example, an attacker's SSID impersonating a real access point—so that the client never has to tell the access point its PMK.
Tuttavia, è possibile rilevare che è stato effettuato un tentativo utilizzando Wireshark, che è spiegato nel pacchetto WPA Tutorial di Capture Explained :
This is quick and dirty explanation of two sample WPA capture files. The first file (wpa.full.cap) is a capture of a successful wireless client WPA connection to an access point. The second file (wpa.bad.key.cap) is a capture of a wireless client attempting to use the wrong passphrase to connect to the AP.
Aggiornamento per includere la risposta di Steffen Ullrich relativa a WEP:
WEP is also using a challenge response authentication were the transport is not actually transferred and thus cannot captured by a rouge AP, see wikipedia